Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
21-05-2024 06:27
General
-
Target
ffe19694997fcd6aada399dfadd400cdac7cd209e7088a92732c260e2b3de7c6.exe
-
Size
78KB
-
MD5
7e9f546800476298078e9ca76e7d10e6
-
SHA1
7c717a0835f0a596527bbf310b062b00693aed8b
-
SHA256
ffe19694997fcd6aada399dfadd400cdac7cd209e7088a92732c260e2b3de7c6
-
SHA512
fea20a965da0db5377dead9fc23e920ec05a6e05af6977add72f0d016af47cb888a1f1889be685729f9d181ee2df5a0782cd2f01f2299423fedaf7d9841b5052
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIYgC/KSLJEd2arzla:ymb3NkkiQ3mdBjFI3eFC/rzk
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
UPX dump on OEP (original entry point) 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ffe19694997fcd6aada399dfadd400cdac7cd209e7088a92732c260e2b3de7c6.exe"C:\Users\Admin\AppData\Local\Temp\ffe19694997fcd6aada399dfadd400cdac7cd209e7088a92732c260e2b3de7c6.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhhhh.exec:\nbhhhh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lxrrrr.exec:\3lxrrrr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfflflf.exec:\xfflflf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjpvj.exec:\jjpvj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjdd.exec:\pvjdd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhntt.exec:\hbhntt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbnhh.exec:\ntbnhh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppvv.exec:\pppvv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfrxfr.exec:\rrfrxfr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvjj.exec:\vvvjj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjdv.exec:\ppjdv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1hhhhn.exec:\1hhhhn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddjj.exec:\vddjj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxllxxf.exec:\rxllxxf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbbnn.exec:\bhbbnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnnnn.exec:\bbnnnn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flffxxx.exec:\flffxxx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfffll.exec:\xxfffll.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btttbh.exec:\btttbh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjjp.exec:\jjjjp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xfflrr.exec:\5xfflrr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnttt.exec:\nbnttt.exe23⤵
- Executes dropped EXE
-
\??\c:\ppvvp.exec:\ppvvp.exe24⤵
- Executes dropped EXE
-
\??\c:\jvjjd.exec:\jvjjd.exe25⤵
- Executes dropped EXE
-
\??\c:\flxrrrl.exec:\flxrrrl.exe26⤵
- Executes dropped EXE
-
\??\c:\ntbbnn.exec:\ntbbnn.exe27⤵
- Executes dropped EXE
-
\??\c:\1dvpd.exec:\1dvpd.exe28⤵
- Executes dropped EXE
-
\??\c:\frfxxrr.exec:\frfxxrr.exe29⤵
- Executes dropped EXE
-
\??\c:\bnnnhh.exec:\bnnnhh.exe30⤵
- Executes dropped EXE
-
\??\c:\tnbttt.exec:\tnbttt.exe31⤵
- Executes dropped EXE
-
\??\c:\pjdjv.exec:\pjdjv.exe32⤵
- Executes dropped EXE
-
\??\c:\rxrrxfx.exec:\rxrrxfx.exe33⤵
- Executes dropped EXE
-
\??\c:\1ffxrxr.exec:\1ffxrxr.exe34⤵
- Executes dropped EXE
-
\??\c:\tntbtb.exec:\tntbtb.exe35⤵
- Executes dropped EXE
-
\??\c:\hntnbb.exec:\hntnbb.exe36⤵
- Executes dropped EXE
-
\??\c:\jdpvj.exec:\jdpvj.exe37⤵
- Executes dropped EXE
-
\??\c:\xrxffll.exec:\xrxffll.exe38⤵
- Executes dropped EXE
-
\??\c:\lrrxlfl.exec:\lrrxlfl.exe39⤵
- Executes dropped EXE
-
\??\c:\5hnhhb.exec:\5hnhhb.exe40⤵
- Executes dropped EXE
-
\??\c:\bbnnhn.exec:\bbnnhn.exe41⤵
- Executes dropped EXE
-
\??\c:\pjppj.exec:\pjppj.exe42⤵
- Executes dropped EXE
-
\??\c:\flrrlrx.exec:\flrrlrx.exe43⤵
- Executes dropped EXE
-
\??\c:\tnhhhh.exec:\tnhhhh.exe44⤵
- Executes dropped EXE
-
\??\c:\jjjvv.exec:\jjjvv.exe45⤵
- Executes dropped EXE
-
\??\c:\rfffxff.exec:\rfffxff.exe46⤵
- Executes dropped EXE
-
\??\c:\rlllfxx.exec:\rlllfxx.exe47⤵
- Executes dropped EXE
-
\??\c:\tbnhhh.exec:\tbnhhh.exe48⤵
- Executes dropped EXE
-
\??\c:\pjvvv.exec:\pjvvv.exe49⤵
- Executes dropped EXE
-
\??\c:\vjjvj.exec:\vjjvj.exe50⤵
- Executes dropped EXE
-
\??\c:\llxxxrl.exec:\llxxxrl.exe51⤵
- Executes dropped EXE
-
\??\c:\xlxrrrf.exec:\xlxrrrf.exe52⤵
- Executes dropped EXE
-
\??\c:\bthhhb.exec:\bthhhb.exe53⤵
- Executes dropped EXE
-
\??\c:\vvvpd.exec:\vvvpd.exe54⤵
- Executes dropped EXE
-
\??\c:\dddvv.exec:\dddvv.exe55⤵
- Executes dropped EXE
-
\??\c:\xxxllll.exec:\xxxllll.exe56⤵
- Executes dropped EXE
-
\??\c:\bhhbtb.exec:\bhhbtb.exe57⤵
- Executes dropped EXE
-
\??\c:\hhbbtt.exec:\hhbbtt.exe58⤵
- Executes dropped EXE
-
\??\c:\jdjjd.exec:\jdjjd.exe59⤵
- Executes dropped EXE
-
\??\c:\dddvp.exec:\dddvp.exe60⤵
- Executes dropped EXE
-
\??\c:\ffxfrrl.exec:\ffxfrrl.exe61⤵
- Executes dropped EXE
-
\??\c:\rrffrrf.exec:\rrffrrf.exe62⤵
- Executes dropped EXE
-
\??\c:\nthhbb.exec:\nthhbb.exe63⤵
- Executes dropped EXE
-
\??\c:\vvvvp.exec:\vvvvp.exe64⤵
- Executes dropped EXE
-
\??\c:\vpdvv.exec:\vpdvv.exe65⤵
- Executes dropped EXE
-
\??\c:\rflrrxr.exec:\rflrrxr.exe66⤵
-
\??\c:\nbtttb.exec:\nbtttb.exe67⤵
-
\??\c:\nnhnnn.exec:\nnhnnn.exe68⤵
-
\??\c:\ppddj.exec:\ppddj.exe69⤵
-
\??\c:\jjdvd.exec:\jjdvd.exe70⤵
-
\??\c:\1fflfll.exec:\1fflfll.exe71⤵
-
\??\c:\fxlllll.exec:\fxlllll.exe72⤵
-
\??\c:\ttbhnn.exec:\ttbhnn.exe73⤵
-
\??\c:\nhbbbh.exec:\nhbbbh.exe74⤵
-
\??\c:\pppjp.exec:\pppjp.exe75⤵
-
\??\c:\vvpjp.exec:\vvpjp.exe76⤵
-
\??\c:\lxfllff.exec:\lxfllff.exe77⤵
-
\??\c:\lfxxflr.exec:\lfxxflr.exe78⤵
-
\??\c:\htbbbb.exec:\htbbbb.exe79⤵
-
\??\c:\tthhhh.exec:\tthhhh.exe80⤵
-
\??\c:\djjjp.exec:\djjjp.exe81⤵
-
\??\c:\xllfxxr.exec:\xllfxxr.exe82⤵
-
\??\c:\fxxflxf.exec:\fxxflxf.exe83⤵
-
\??\c:\9nnnnh.exec:\9nnnnh.exe84⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe85⤵
-
\??\c:\frxxrll.exec:\frxxrll.exe86⤵
-
\??\c:\tthhbb.exec:\tthhbb.exe87⤵
-
\??\c:\jjpvv.exec:\jjpvv.exe88⤵
-
\??\c:\fflfflf.exec:\fflfflf.exe89⤵
-
\??\c:\lffffll.exec:\lffffll.exe90⤵
-
\??\c:\nnhhtn.exec:\nnhhtn.exe91⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe92⤵
-
\??\c:\xrlfxrr.exec:\xrlfxrr.exe93⤵
-
\??\c:\3nnnbb.exec:\3nnnbb.exe94⤵
-
\??\c:\ttnhnn.exec:\ttnhnn.exe95⤵
-
\??\c:\jpjdv.exec:\jpjdv.exe96⤵
-
\??\c:\rlxrxxl.exec:\rlxrxxl.exe97⤵
-
\??\c:\xxfxllf.exec:\xxfxllf.exe98⤵
-
\??\c:\ttbnnt.exec:\ttbnnt.exe99⤵
-
\??\c:\bthbnh.exec:\bthbnh.exe100⤵
-
\??\c:\jppdv.exec:\jppdv.exe101⤵
-
\??\c:\lfrlflx.exec:\lfrlflx.exe102⤵
-
\??\c:\hbnhhh.exec:\hbnhhh.exe103⤵
-
\??\c:\bntttt.exec:\bntttt.exe104⤵
-
\??\c:\pjpjv.exec:\pjpjv.exe105⤵
-
\??\c:\ffrrxxx.exec:\ffrrxxx.exe106⤵
-
\??\c:\hbbbbt.exec:\hbbbbt.exe107⤵
-
\??\c:\bbbnhh.exec:\bbbnhh.exe108⤵
-
\??\c:\jvpjv.exec:\jvpjv.exe109⤵
-
\??\c:\xfrxrxl.exec:\xfrxrxl.exe110⤵
-
\??\c:\ntthbb.exec:\ntthbb.exe111⤵
-
\??\c:\ddjvp.exec:\ddjvp.exe112⤵
-
\??\c:\jvvjv.exec:\jvvjv.exe113⤵
-
\??\c:\xrxrllr.exec:\xrxrllr.exe114⤵
-
\??\c:\hbbbbt.exec:\hbbbbt.exe115⤵
-
\??\c:\vpjpj.exec:\vpjpj.exe116⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe117⤵
-
\??\c:\xlrlrrf.exec:\xlrlrrf.exe118⤵
-
\??\c:\htnhhh.exec:\htnhhh.exe119⤵
-
\??\c:\nhtntn.exec:\nhtntn.exe120⤵
-
\??\c:\vvjdv.exec:\vvjdv.exe121⤵
-
\??\c:\9jvjd.exec:\9jvjd.exe122⤵
-
\??\c:\rllrffx.exec:\rllrffx.exe123⤵
-
\??\c:\fxrllll.exec:\fxrllll.exe124⤵
-
\??\c:\nbnbbh.exec:\nbnbbh.exe125⤵
-
\??\c:\ppdjj.exec:\ppdjj.exe126⤵
-
\??\c:\fxxlfrl.exec:\fxxlfrl.exe127⤵
-
\??\c:\3lrlffr.exec:\3lrlffr.exe128⤵
-
\??\c:\thnbnn.exec:\thnbnn.exe129⤵
-
\??\c:\xrrxrrx.exec:\xrrxrrx.exe130⤵
-
\??\c:\9lrlxxf.exec:\9lrlxxf.exe131⤵
-
\??\c:\pdppp.exec:\pdppp.exe132⤵
-
\??\c:\rllfxxr.exec:\rllfxxr.exe133⤵
-
\??\c:\nntnnn.exec:\nntnnn.exe134⤵
-
\??\c:\dvdvd.exec:\dvdvd.exe135⤵
-
\??\c:\rlffffx.exec:\rlffffx.exe136⤵
-
\??\c:\nbtbtn.exec:\nbtbtn.exe137⤵
-
\??\c:\vdpdv.exec:\vdpdv.exe138⤵
-
\??\c:\ffrlrrr.exec:\ffrlrrr.exe139⤵
-
\??\c:\nhbbtt.exec:\nhbbtt.exe140⤵
-
\??\c:\vvddd.exec:\vvddd.exe141⤵
-
\??\c:\3rrrllf.exec:\3rrrllf.exe142⤵
-
\??\c:\bhnnhh.exec:\bhnnhh.exe143⤵
-
\??\c:\jvvdj.exec:\jvvdj.exe144⤵
-
\??\c:\9fflflf.exec:\9fflflf.exe145⤵
-
\??\c:\nhtthh.exec:\nhtthh.exe146⤵
-
\??\c:\nbhtnn.exec:\nbhtnn.exe147⤵
-
\??\c:\jvpvv.exec:\jvpvv.exe148⤵
-
\??\c:\rlxrrrl.exec:\rlxrrrl.exe149⤵
-
\??\c:\rrxrfxf.exec:\rrxrfxf.exe150⤵
-
\??\c:\5bbttt.exec:\5bbttt.exe151⤵
-
\??\c:\3htbhb.exec:\3htbhb.exe152⤵
-
\??\c:\vvvdv.exec:\vvvdv.exe153⤵
-
\??\c:\pdjpj.exec:\pdjpj.exe154⤵
-
\??\c:\lrxxfff.exec:\lrxxfff.exe155⤵
-
\??\c:\llfrlrl.exec:\llfrlrl.exe156⤵
-
\??\c:\bttntt.exec:\bttntt.exe157⤵
-
\??\c:\dddvp.exec:\dddvp.exe158⤵
-
\??\c:\jpvjj.exec:\jpvjj.exe159⤵
-
\??\c:\xflffll.exec:\xflffll.exe160⤵
-
\??\c:\fllrlfr.exec:\fllrlfr.exe161⤵
-
\??\c:\bnthbt.exec:\bnthbt.exe162⤵
-
\??\c:\bbnhhh.exec:\bbnhhh.exe163⤵
-
\??\c:\ddvpj.exec:\ddvpj.exe164⤵
-
\??\c:\lflxfll.exec:\lflxfll.exe165⤵
-
\??\c:\hbthhh.exec:\hbthhh.exe166⤵
-
\??\c:\tnbbhh.exec:\tnbbhh.exe167⤵
-
\??\c:\vjjjj.exec:\vjjjj.exe168⤵
-
\??\c:\rfxrrrx.exec:\rfxrrrx.exe169⤵
-
\??\c:\5nnbht.exec:\5nnbht.exe170⤵
-
\??\c:\ntnnnt.exec:\ntnnnt.exe171⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe172⤵
-
\??\c:\xxllrrl.exec:\xxllrrl.exe173⤵
-
\??\c:\ntttnt.exec:\ntttnt.exe174⤵
-
\??\c:\dvdvj.exec:\dvdvj.exe175⤵
-
\??\c:\lxllxxl.exec:\lxllxxl.exe176⤵
-
\??\c:\7tttbb.exec:\7tttbb.exe177⤵
-
\??\c:\3ppvd.exec:\3ppvd.exe178⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe179⤵
-
\??\c:\fxlfflr.exec:\fxlfflr.exe180⤵
-
\??\c:\hbhttb.exec:\hbhttb.exe181⤵
-
\??\c:\ddjjd.exec:\ddjjd.exe182⤵
-
\??\c:\xlrxxff.exec:\xlrxxff.exe183⤵
-
\??\c:\bhtbhn.exec:\bhtbhn.exe184⤵
-
\??\c:\pdjdd.exec:\pdjdd.exe185⤵
-
\??\c:\djppv.exec:\djppv.exe186⤵
-
\??\c:\nbbnnh.exec:\nbbnnh.exe187⤵
-
\??\c:\vjvpv.exec:\vjvpv.exe188⤵
-
\??\c:\nhhbbb.exec:\nhhbbb.exe189⤵
-
\??\c:\pppdv.exec:\pppdv.exe190⤵
-
\??\c:\nthtnn.exec:\nthtnn.exe191⤵
-
\??\c:\3ddvp.exec:\3ddvp.exe192⤵
-
\??\c:\pvdjv.exec:\pvdjv.exe193⤵
-
\??\c:\lxlffxx.exec:\lxlffxx.exe194⤵
-
\??\c:\nbtbht.exec:\nbtbht.exe195⤵
-
\??\c:\vvpvp.exec:\vvpvp.exe196⤵
-
\??\c:\dpjdj.exec:\dpjdj.exe197⤵
-
\??\c:\xrxrlll.exec:\xrxrlll.exe198⤵
-
\??\c:\nbbbbh.exec:\nbbbbh.exe199⤵
-
\??\c:\3pjdd.exec:\3pjdd.exe200⤵
-
\??\c:\llflffr.exec:\llflffr.exe201⤵
-
\??\c:\lfxrflf.exec:\lfxrflf.exe202⤵
-
\??\c:\ntthth.exec:\ntthth.exe203⤵
-
\??\c:\jjpvd.exec:\jjpvd.exe204⤵
-
\??\c:\rlxrffr.exec:\rlxrffr.exe205⤵
-
\??\c:\1bbttn.exec:\1bbttn.exe206⤵
-
\??\c:\ppjpj.exec:\ppjpj.exe207⤵
-
\??\c:\dvddv.exec:\dvddv.exe208⤵
-
\??\c:\lxlxxff.exec:\lxlxxff.exe209⤵
-
\??\c:\bnttnt.exec:\bnttnt.exe210⤵
-
\??\c:\nhhhbt.exec:\nhhhbt.exe211⤵
-
\??\c:\vdddv.exec:\vdddv.exe212⤵
-
\??\c:\xrrxrfx.exec:\xrrxrfx.exe213⤵
-
\??\c:\htttnn.exec:\htttnn.exe214⤵
-
\??\c:\thhhht.exec:\thhhht.exe215⤵
-
\??\c:\jjpdv.exec:\jjpdv.exe216⤵
-
\??\c:\lllfxxx.exec:\lllfxxx.exe217⤵
-
\??\c:\tnttbb.exec:\tnttbb.exe218⤵
-
\??\c:\htbttt.exec:\htbttt.exe219⤵
-
\??\c:\vppjj.exec:\vppjj.exe220⤵
-
\??\c:\vvdpj.exec:\vvdpj.exe221⤵
-
\??\c:\frrrlrl.exec:\frrrlrl.exe222⤵
-
\??\c:\nhnnnn.exec:\nhnnnn.exe223⤵
-
\??\c:\nhthbb.exec:\nhthbb.exe224⤵
-
\??\c:\1djjd.exec:\1djjd.exe225⤵
-
\??\c:\lxrrlrf.exec:\lxrrlrf.exe226⤵
-
\??\c:\nntttt.exec:\nntttt.exe227⤵
-
\??\c:\thbtnn.exec:\thbtnn.exe228⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe229⤵
-
\??\c:\3dvpj.exec:\3dvpj.exe230⤵
-
\??\c:\rfflfff.exec:\rfflfff.exe231⤵
-
\??\c:\nbttnn.exec:\nbttnn.exe232⤵
-
\??\c:\btbtbt.exec:\btbtbt.exe233⤵
-
\??\c:\5dddv.exec:\5dddv.exe234⤵
-
\??\c:\rxrxlrl.exec:\rxrxlrl.exe235⤵
-
\??\c:\nhnhnh.exec:\nhnhnh.exe236⤵
-
\??\c:\ttbtbb.exec:\ttbtbb.exe237⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe238⤵
-
\??\c:\rrfxrff.exec:\rrfxrff.exe239⤵
-
\??\c:\rllfrrl.exec:\rllfrrl.exe240⤵
-
\??\c:\tnhtht.exec:\tnhtht.exe241⤵